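---
# Tasks: initial pfSense provisioning for one customer router.
# Variables expected from the caller (not defined here): kundenkürzel,
# kundendomain, privatip (first three octets of the LAN /24),
# kunde_public_ip, kundennetz.

# - name: Install Pfsense-Sudo Package
#   ansible.builtin.shell:
#     cmd: pkg install -y pfsense-pkg-sudo

- name: Set Hostname to "{{ kundenkürzel }}-ROU01"
  pfsensible.core.pfsense_setup:
    hostname: "{{ kundenkürzel }}-ROU01"
    domain: "{{ kundendomain }}"

- name: Set timezone and language
  pfsensible.core.pfsense_setup:
    timezone: Europe/Berlin
    language: de_DE

- name: Enable Interface vtnet1 (Privat-Network)
  pfsensible.core.pfsense_interface:
    descr: LAN
    interface: vtnet1
    ipv4_address: "{{ privatip }}.1"
    ipv4_prefixlen: 24
    ipv4_type: static
    enable: true

# One looped task replaces nine copies of the same port-forward rule.
# host = last octet of the internal target behind "{{ privatip }}.";
# protocol is left to the module default unless the item sets it.
- name: "Add NAT port forward traffic rule ({{ item.descr }})"
  pfsensible.core.pfsense_nat_port_forward:
    descr: "{{ item.descr }}"
    interface: wan
    source: any
    destination: "any:{{ item.port }}"
    target: "{{ privatip }}.{{ item.host }}:{{ item.port }}"
    protocol: "{{ item.protocol | default(omit) }}"
    associated_rule: associated
    state: present
  loop:
    - { descr: 'Port 25', port: 25, host: 2 }
    - { descr: 'Port 80', port: 80, host: 3 }
    - { descr: 'Port 443', port: 443, host: 3 }
    - { descr: 'Port 465', port: 465, host: 2 }
    - { descr: 'Port 993', port: 993, host: 2 }
    - { descr: 'Port 587', port: 587, host: 2 }
    # NOTE(review): IKE/NAT-T is forwarded to the firewall's own LAN
    # address (.1); confirm this is intended — pfSense normally terminates
    # IPsec on the WAN interface directly.
    - { descr: 'Port 4500', port: 4500, host: 1, protocol: udp }
    - { descr: 'Port 500', port: 500, host: 1, protocol: udp }
  loop_control:
    label: "{{ item.descr }}"

# NOTE(review): the pre-shared key is drawn from random_string on every
# run, so it changes on each execution and is never recorded anywhere the
# remote peer could be configured from. Source it from a vaulted variable
# instead of generating it inline.
- name: Add IPSEC "{{ kundenkürzel }} - Tunnel"
  pfsensible.core.pfsense_ipsec:
    state: present
    descr: "{{ kundenkürzel }} - Tunnel"
    interface: wan
    remote_gateway: "{{ kunde_public_ip }}"
    iketype: ikev1
    mode: main
    authentication_method: pre_shared_key
    preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}"
  no_log: true  # keep the pre-shared key out of task output and logs

# This is the phase 2 entry (module pfsense_ipsec_p2); the old task name
# said "Phases 1".
- name: Add Phase 2 to IPSEC "{{ kundenkürzel }} - Tunnel"
  pfsensible.core.pfsense_ipsec_p2:
    p1_descr: "{{ kundenkürzel }} - Tunnel"
    descr: "{{ kundenkürzel }} - Phase 2"
    state: present
    apply: false  # NOTE(review): change is staged only — confirm a later task applies it
    mode: tunnel
    local: "{{ privatip }}.1/24"
    remote: "{{ kundennetz }}/24"
    aes: true
    aes256gcm: true
    aes_len: auto
    aes256gcm_len: auto
    sha256: true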